Paper 2020/1575

(In)security of the Radio Interface in Sigfox

Loïc Ferreira

Abstract

Sigfox is a popular communication and security protocol which allows setting up low-power wide-area networks for the Internet of Things. Currently, Sigfox networks operate in 72 countries, and cover 1.3 billion people. In this paper, we make an extensive analysis of the security mechanisms used to protect the radio interface. We describe news attacks against data authenticity, which is the only mandatory security property in Sigfox. Namely we describe how to replay frames, and how to compute forgeries. In addition, we highlight a flaw in the (optional) data encryption procedure. Our attacks do not exploit implementation or hardware bugs, nor do they imply a physical access to any equipment (e.g., legitimate end-device). They rely only on the peculiarities of the Sigfox security protocol. Our analysis is supported by practical experiments made in interaction with the Sigfox back-end network. These experiments validate our findings. Finally, we present efficient counter-measures which are likely straightforward to implement.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Major revision. Financial Cryptography 2021
Keywords
SigfoxSecurity protocolInternet of ThingsLow-power Wide-area NetworkCryptanalysis
Contact author(s)
loic ferreira @ orange com
History
2020-12-21: received
Short URL
https://ia.cr/2020/1575
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/1575,
      author = {Loïc Ferreira},
      title = {(In)security of the Radio Interface in Sigfox},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/1575},
      year = {2020},
      url = {https://eprint.iacr.org/2020/1575}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.